Assess Security and Boost Innovation, Says RSA Exec

4/14/2008

Art Coviello kicked off RSA Conference 2008, his company's namesake information security conference, yesterday (April 8) in San Francisco with a warning.

"We're in a perfect storm," said Coviello, RSA's president.

He described the elements making up that storm. We have technical innovations that are supporting increasingly sophisticated attacks, and those problem areas are showing up as end users are becoming overwhelmed by security protocols and policies.

"Users of every stripe are confronted every day with cryptic dialog boxes that ask, 'Are you sure?'" he said. "It's the technology equivalent of, 'Do you feel lucky today?' One wrong click can jeopardize livelihoods and identities."

Concerns about security are stifling business innovation, he said, as a result of this convergence.

"More than 80 percent of IT, security and business executives surveyed admit that their organizations have shied away from business innovation opportunities because of information security concerns," Coviello told his audience. He pulled those numbers from recent IDG research commissioned by RSA.

We can calm this storm, he said, with a change of mindset, from "no" to "how." Enterprises that view security as a necessary evil -- and that's most of them, Coviello said -- should examine their prejudices and stop viewing security as a business impediment.

"The next time a new idea comes up," he said, "don't start by saying it isn't secure. Start by evaluating exposures, the probability of the exposures being exploited, and the materiality of the consequences. Then put forth a plan to reduce risk in all three areas. Nothing should be done unless it is in the context of risk."

And while you're at it, lose the attitude about your security people. They're not the bad guys, and you need to work with them.

"The recommendations of our research group are clear: Align the [security] practitioner with the business, and align the implementation of security with the risk," he said.

His term for this change of mindset, "thinking security," aims to drive a data-centric approach to security down into the enterprise infrastructure, eliminating the view that IT security is a separate function. It envisions organizations making high-level risk assessments, collecting and analyzing threat data and easing the burden on the end user to adhere to security policies.

This change of mindset would "catapult" security to "a new plane," Coviello said, "where [security] is widely seen as an accelerator of innovation."

Coviello called on the U.S. Congress to spend more on education to produce better-trained developers and IT workers, and to establish a "breach notification" law that creates a single federal standard, and a national standard, for safeguarding sensitive information. He added his hope that the House of Representatives would pass the cyber-crime bill that was passed by the House in 2007.


